Answer the question
In order to leave comments, you need to log in
S
S
Smile9202020-06-26 18:53:56
Smile920, 2020-06-26 18:53:56
Creating a PoC exploit?
I found a vulnerability on one of the sites, and then I was eager to inform the developers of this site about it. I came to the conclusion that writing a PoC exploit and sending it to the developers of this site would be the best solution.
But the main and main question arose that prevents me from doing this - how legal is it to write exploits for good purposes in the Russian Federation? After all, as far as I know, in order to be held accountable, there must be malicious intent, which I do not have ....
In general, I will be glad for any help in this matter!
4 answer(s)
@CityCat4
@Legal2019
@firedragon
C
CityCat4, 2020-06-26 @CityCat4
It's best to look for how many people flew in after such good intentions ... and burn out :) It's not worth the candle, by God. Especially if this office is not IT-shnaya.
L
Legal Adviser, 2020-06-26 @Legal2019
Maybe you should try something like this:
1. Make an official letter, like I am an expert in the field ... I found on your resource ... what it threatens you with ... You can contact me .... The cost of services to eliminate .... will be ...
2. If given formal written consent.
3. Signed an agreement.
4. Received money.
5. You did your job.
6. Everyone is happy.
Important. All actions are only within the framework of a legally correct contract and registration of all relations.
If you do otherwise - I think it will be a deplorable situation ...
A small pebble ... as soon as you make your offer, you become the object of the first line in case of a site crash (and it doesn’t matter what kind of vulnerability there was).
V
Vladimir Korotenko, 2020-06-26 @firedragon
Contact the Director of Security.
Or see if they are registered with BugBounty
Similar questions
B
Z
S
S
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question